/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* 
 * @testsuite Arkts test suite
 * @description
 * Server-Side Request Forgery (SSRF) occurs when an application makes 
 * HTTP requests based on user input without proper validation. This may 
 * allow attackers to access internal services or protected resources.
 * @author Huawei
 *
 */

import express from 'express';
import http from 'http';

const app = express();
app.use(express.json());

app.get('/fetch', async (req, res) => {
    let url = req.query.url;
    try {
        /* POTENTIAL FLAW: Using user input without proper validation. */
        const response = await http.get(url);
        res.send(`<h1>Fetched Content:</h1><pre>${response.req}</pre>`);
    } catch (error) {
        res.status(500).send('Request failed');
    }
});

app.listen(3000, () => {
    console.log('Server running on http://localhost:3000');
});      
